Outlines the regulatory, privacy and security risks faced by FinTech companies and Financial Services firms if their digital strategy is not thought through.
Privacy & Security Challenges Faced By Financial Services In The Digital Age
1. Page § 1Confidential
Security & Privacy Challenges Faced By Financial Services Firms In The Digital Age
Kalpesh Desai
CEO
Agile Financial Technologies
info@agile-ft.com
2. The “Millennials” have changed all the questions
• The success of your digital strategy will depend on millennials warming up to it
• Millennials only wish to interact digitally
• Financial services firms are being forced to focus on user experience and turn their IT systems around
• Traditional systems were designed for workflow, assuming that customers were willing to wait for a response
• The digital customer wants information and service on demand (mobile devices and the web)
3. Digital Technology Has Changed The Way We Do Business
• Financial firms want to create "insight-based" customer experiences
• Need to leverage "the digital channel"
• Need to evolve the role of agents in the digital age
• Work with aggregators and disrupters (P2P)
• Identify and work directly with ecosystems
• Embrace the "Internet of Things" in their business model
5. Bottlenecks
• The technology deficit is glaring as financial firms rush to jump on the bandwagon without thinking through security and privacy challenges
• The big data required for insight-based customer experiences brings big security and privacy challenges
• Regulators are also evolving, and as business models go cross-border across ecosystems, one or more regulators may be involved. FinTech companies need a full-time compliance officer!
6. Risks, Threats & Challenges
• Privacy & Customer Information Ownership
  - The financial services sector maintains sensitive information about individuals and enterprises
  - As penetration of online and mobile services increases, more data is available in digital format – easier to analyze but susceptible to security breaches
  - This data eventually becomes ubiquitous
  - Interaction with ecosystems and aggregators crosses regulatory boundaries and walks a very, very thin line in terms of how sensitive personal, financial and health information is provided to third parties in a secure manner
  - When data is shared, data ownership must be firmly established, because sharing can violate your consent agreements with customers
  - Data labeling, selective data sharing and identity/privacy-aware data sharing will become the need of the hour
  - Privacy-aware data sharing is complex and requires rework and tagging of already voluminous data
7. Risks, Threats & Challenges
• Digital Identity Theft
  - A major challenge as customers demand integrated, omnichannel experiences
  - To extend fintech services seamlessly, reliance on conventional authentication mechanisms such as passwords and PINs has declined, giving way to:
    - Devices (mobile phones) equipped with biometric sensors
    - OTP (one-time passwords)
    - Code-generating apps (Google Authenticator)
  - The potential to clone these identities leads to amplified risks
  - Adaptive or risk-based authentication analyzes user behavior; granting access on this basis could lead to misuse of digital identities
  - APIs and interfacing systems communicate with multiple enterprise apps and allow seamless sharing of data, which opens up threats from cross-platform malware
  - There is a serious deficit in the technology and security architecture that would enable most financial institutions to fight the threat
  - FinTech startups, though innovative, are only as good as their software coding practices
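As an added example (not from this deck or from Agile Financial Technologies), the Python below shows what a server must do to accept codes from a code-generating app such as Google Authenticator: compute the RFC 6238 TOTP over a small time window and refuse to accept any time step twice, the replay guard RFC 6238 recommends. The seed is the RFC 6238 SHA-1 reference test seed; the 30-second step, 6 digits and one-step window are assumed settings.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 Appendix B reference seed ("12345678901234567890" in base32), used for
# test vectors only; a real deployment generates a random per-user seed.
RFC6238_SEED_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP_SECONDS = 30   # assumed time step (Google Authenticator default)
DIGITS = 6          # assumed code length


def totp(secret_b32: str, unix_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226, HMAC-SHA1) over the counter floor(t / step)."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class TotpVerifier:
    """Server-side check for one user: accept codes from the current step and
    one step either side (clock drift), but never accept a time step twice,
    so an intercepted and replayed code is rejected."""

    def __init__(self, secret_b32: str, window: int = 1):
        self.secret = secret_b32
        self.window = window
        self.last_counter = -1      # highest time step already consumed

    def verify(self, code: str, now: int) -> bool:
        base = now // STEP_SECONDS
        for delta in range(-self.window, self.window + 1):
            counter = base + delta
            if counter <= self.last_counter:
                continue            # already used (or older): treat as replay
            expected = totp(self.secret, counter * STEP_SECONDS)
            if hmac.compare_digest(expected, code):   # constant-time compare
                self.last_counter = counter
                return True
        return False
```

Single-use enforcement limits replay of an intercepted code; it does not help once the seed itself has been cloned onto another device, which is why the bullet above calls the risk amplified.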
8. Risks, Threats & Challenges
• Risk of regulatory non-compliance
  - Compliance with KYC, anti-money laundering norms and regulator-enforced blacklists
  - Ability to report suspicious activity across ubiquitous systems
  - Compliance with data protection laws
• Regulators take privacy policies very seriously
  - Thin line between trying to gain customer insight and infringing on privacy
  - In some cases, completely against regulation
  - Online payment processing company Dwolla was fined USD 100K for purporting that its transactions were “safe” and “secure,” that its information was “securely encrypted,” and that it was compliant with up-to-date data security standards. It was investigated by the Consumer Financial Protection Bureau (CFPB) and taken to task in March 2016
• Risk of cyber-attacks
  - “There are only two types of companies: those that are already hacked and those that will be” – Robert Mueller, FBI Director
9. Key Considerations
• In the absence of a single regulator, and given the ubiquitous nature of FinTech services, ignorance of statutory & regulatory laws is inexcusable
• Control access to data with systems, policies and procedures
• Implement audit and forensic capabilities to comply with regulatory, statutory or law enforcement audit requirements
• Dispose of data you no longer need – reduce potential liabilities in the event of a security breach
• Treat customers and consumers consistently with your promises (Online Privacy Policy) and in line with regulatory norms
10. Key Considerations
• Proactively disclose breaches
• Focus on risk assessment and adopting security controls
• Implement strict policies on allowing confidential data to be stored outside your firewall
• Take steps to reduce the threat of targeted eavesdropping, man-in-the-middle attacks and cross-platform malware
• Be cautious about the public cloud, a favorite target of data thieves
11. For more information, write to: info@agile-ft.com
Visit us on: www.agile-ft.com
U.S.A. · Mauritius · U.A.E. · India · Singapore